Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1225
Views
0
Helpful
7
Replies

Internet speeds slow behind ASA 5520

mazariegosm
Level 1
Level 1

‎01-18-2012 07:57 AM - edited ‎03-11-2019 03:16 PM

I have two 5520s in a failover configuration. When browsing the internet behind them the speeds average 0.5Mb/1.0Mb Download/Upload. When bypassing the ASAs the speeds increase to 4Mb/6Mb. I have checked the interfaces on the ASAs and there are no errors, collisions, drops, etc.

Also Memory and CPU look great. Any ideas???

Thanks,

Maz

Labels:
0 Helpful
7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

‎01-18-2012 10:43 AM

Hello,

Do you have an IPS module or CSC module?

Are you inspecting the http protocol over the MPF?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

mazariegosm
Level 1
Level 1

‎01-18-2012 11:29 AM

I do have the CSC module, but I have bypassed it and turned off HTTP inspection and still have the same issue.

-Maz

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to mazariegosm

‎01-18-2012 11:43 AM

Hello Maza,

When you bypass the ASA do you use the same public ip address that when the ASA is there?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

mazariegosm
Level 1
Level 1
In response to Julio Carvajal

‎01-18-2012 12:04 PM

I don't use the same one, but use one in the same subnet. If I NAT my PC to a public IP and use it behind the ASA = Slow. If I configure my PC with the public IP and bypass the ASA = fast.

I have also changed the IP in the ASA to a different public IP, but it made no difference.

Thanks for the help by the way.

-Maz

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to mazariegosm

‎01-18-2012 12:11 PM

Hello Maza,

Can you do a static one to one on the ASA from the laptop pc to the public you use bypassing the ASA to see how it goes?

Also do you have any policing rule? Is this problem http with all the sites?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

mazariegosm
Level 1
Level 1
In response to Julio Carvajal

‎01-18-2012 12:18 PM

I have done a static translation, and the result is the same. I'm not doing any policing.

Thanks,

Maz

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to mazariegosm

‎01-18-2012 01:25 PM

Hello Maza,

Is it possible that you can post your entire configuration ( doing some changes of course due to your network security)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card